The news are collected on https://wiki.debian.org/DeveloperNews
Please contribute short news about your work/plans/subproject.
In this issue:
+ New debhelper compat 10 ready for testing
+ Source packages can include upstream signatures
+ Repository makes use of `by-hash` to avoid hashsum mismatches
+ stretch-debug suite now populated
+ `init` no longer required
New debhelper compat 10 ready for testing
-----------------------------------------
As of debhelper/9.20160403, the new compat level 10 is now ready for
widespread public testing. A few highlights:
* The dh command will no longer use log files to track which commands
have been run. The dh command *still* keeps track of whether it
already ran the "build" sequence and skip it if it did.
* The autoreconf sequence is now enabled by default. Please pass
--without autoreconf to dh if this is not desirable for a given
package
* The dh_installinit command now defaults to --restart-after-upgrade.
For packages needing the previous behaviour, please use
--no-restart-after-upgrade.
Please review the full list in "man 7 debhelper" or
https://lists.debian.org/debian-devel/2016/04/msg00018.html
-- Niels Thykier
Source packages can include upstream signatures
-----------------------------------------------
Debian source packages in the 3.0 (quilt) format can now include
a detached OpenPGP signature of the source tarball by the upstream
developers: just put a foo_1.2.orig.tar.xz.asc besides the
foo_1.2.orig.tar.xz tarball and dpkg 1.18.5+ will pick up the
signature and include it. uscan does not yet[1] place upstream
signatures alongside the upstream tarball.
This signature is not used by the Debian archive, but can be used
by others to verify the integrity of the upstream source.
Thanks to Daniel Kahn Gillmor for the suggestion and Guillem
Jover for the implementation.
-- Ansgar Burchardt
[1] https://bugs.debian.org/727096
Repository makes use of `by-hash` to avoid hashsum mismatches
-------------------------------------------------------------
For a long time updating repositories was racy: `apt update`
could obtain a Release file, but non-matching (newer or older)
Packages indices and would report a "Hash Sum mismatch" error.
Re-running `apt update` at a later time would obtain a matching
set of files.
Recently apt gained the ability to retrieve files referenced from
Release via a hash, for example it would request
dists/unstable/main/binary-amd64/by-hash/SHA256/{...}
instead of
dists/unstable/main/binary-amd64/Packages.xz
This means that as long as all `by-hash` files are present before
the new Release file is installed, apt would no longer retrieve
non-matching sets of files. In addition the repository can
provide an older generation of indices for clients that obtained
the old Release file at the same time.
Debian's archive now supports this for the `testing`, `unstable`
and `experimental` suites, as well as for some related
suites (`buildd-*`, `*-debug`, `testing-proposed-updates`).
Another, less visible, change was done to help our mirroring tools.
The files `dists/*/*Release*` were moved to `zzz-dists/*/*Release*` and
replaced with symlinks.
It helps rsync to sync these important files after all other indices have
been updated, as rsync always sorts files to be transferred by name.
This change has been implemented for the distributions mentioned above.
One piece in APT is still missing: apt does not yet use `by-hash` for the
pdiff Index files[2].
This means APT might fall back to downloading the complete file instead
of only diffs in case a non-matching pdiff Index file was retrieved.
Many other tools will need changes as well to benefit from these archive
changes.
Thanks to the APT developers for implementing this in apt, and to
Julien Cristau for the implementation on the archive side in dak.
-- Ansgar Burchardt
[2] https://bugs.debian.org/824926
stretch-debug suite now populated
---------------------------------
As of May 22nd, the stretch-debug suite available in the debug archive
contains the dbgsym (debugging symbols) packages corresponding to
packages in stretch. It can be enabled with either of the following
sources.list entries:
deb http://deb.debian.org/debian-debug stretch-debug main
deb http://deb.debian.org/debian-debug testing-debug main
-- Julien Cristau
`init` no longer required
-------------------------
Some uses of Debian, such as application containers or bootstrapping (and
buildd chroots), do not require an init system, but prefer a minimal base
system.
To accommodate these a bit better, the `init` package was made no longer
essential[3] and its priority was downgraded to "important"[4].
This means that the `buildd` and `minbase` variants of `debootstrap` will
no longer include `init`.
For unstable as of 2016-06-05 this change reduced the size of binary
packages to install from 33MB to 29MB for the `minbase` variant.
-- Ansgar Burchardt
[3] https://bugs.debian.org/756023
[4] https://bugs.debian.org/824991
Attachment:
signature.asc
Description: PGP signature